-
+ F5AF3E43E060E36F7861CC646665CD9B58035F714535DB47C915C0D7D0B852A0F14B7D2E2461932349CF1AF9F63BBB301EB6F23B75550D877B03839530D48FE2bitcoin/src/script.cpp(0 . 0)(1 . 1234)
19148 // /****************************\
19149 // * EXPERIMENTAL BRANCH. *
19150 // * FOR LABORATORY USE ONLY. *
19151 // ********************************
19152 // ************
19153 // **************
19154 // ****************
19155 // **** **** ****
19156 // *** *** ***
19157 // *** *** ***
19158 // *** * * **
19159 // ******** ********
19160 // ******* ******
19161 // *** **
19162 // * ******* **
19163 // ** * * * * *
19164 // ** * * ***
19165 // **** * * * * ****
19166 // **** *** * * ** ***
19167 // **** ********* ******
19168 // ******* ***** *******
19169 // ********* ****** **
19170 // ** ****** ******
19171 // ** ******* **
19172 // ** ******* ***
19173 // **** ******** ************
19174 // ************ ************
19175 // ******** *******
19176 // ****** ****
19177 // *** ***
19178 // ********************************
19179 // Copyright (c) 2009-2010 Satoshi Nakamoto
19180 // Copyright (c) 2011 The Bitcoin developers
19181 // Distributed under the MIT/X11 software license, see the accompanying
19182 // file license.txt or http://www.opensource.org/licenses/mit-license.php.
19183 #include "headers.h"
19184
19185 using namespace std;
19186 using namespace boost;
19187
19188 bool CheckSig(vector<unsigned char> vchSig, vector<unsigned char> vchPubKey, CScript scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType);
19189
19190
19191
19192 typedef vector<unsigned char> valtype;
19193 static const valtype vchFalse(0);
19194 static const valtype vchZero(0);
19195 static const valtype vchTrue(1, 1);
19196 static const CBigNum bnZero(0);
19197 static const CBigNum bnOne(1);
19198 static const CBigNum bnFalse(0);
19199 static const CBigNum bnTrue(1);
19200 static const size_t nMaxNumSize = 4;
19201
19202
19203 CBigNum CastToBigNum(const valtype& vch)
19204 {
19205 if (vch.size() > nMaxNumSize)
19206 throw runtime_error("CastToBigNum() : overflow");
19207 // Get rid of extra leading zeros
19208 return CBigNum(CBigNum(vch).getvch());
19209 }
19210
19211 bool CastToBool(const valtype& vch)
19212 {
19213 for (int i = 0; i < vch.size(); i++)
19214 {
19215 if (vch[i] != 0)
19216 {
19217 // Can be negative zero
19218 if (i == vch.size()-1 && vch[i] == 0x80)
19219 return false;
19220 return true;
19221 }
19222 }
19223 return false;
19224 }
19225
19226 void MakeSameSize(valtype& vch1, valtype& vch2)
19227 {
19228 // Lengthen the shorter one
19229 if (vch1.size() < vch2.size())
19230 vch1.resize(vch2.size(), 0);
19231 if (vch2.size() < vch1.size())
19232 vch2.resize(vch1.size(), 0);
19233 }
19234
19235
19236
19237 //
19238 // Script is a stack machine (like Forth) that evaluates a predicate
19239 // returning a bool indicating valid or not. There are no loops.
19240 //
19241 #define stacktop(i) (stack.at(stack.size()+(i)))
19242 #define altstacktop(i) (altstack.at(altstack.size()+(i)))
19243 static inline void popstack(vector<valtype>& stack)
19244 {
19245 if (stack.empty())
19246 throw runtime_error("popstack() : stack empty");
19247 stack.pop_back();
19248 }
19249
19250
19251 bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, int nHashType)
19252 {
19253 CAutoBN_CTX pctx;
19254 CScript::const_iterator pc = script.begin();
19255 CScript::const_iterator pend = script.end();
19256 CScript::const_iterator pbegincodehash = script.begin();
19257 opcodetype opcode;
19258 valtype vchPushValue;
19259 vector<bool> vfExec;
19260 vector<valtype> altstack;
19261 if (script.size() > 10000)
19262 return false;
19263 int nOpCount = 0;
19264
19265
19266 try
19267 {
19268 while (pc < pend)
19269 {
19270 bool fExec = !count(vfExec.begin(), vfExec.end(), false);
19271
19272 //
19273 // Read instruction
19274 //
19275 if (!script.GetOp(pc, opcode, vchPushValue))
19276 return false;
19277 if (vchPushValue.size() > 520)
19278 return false;
19279 if (opcode > OP_16 && ++nOpCount > 201)
19280 return false;
19281
19282 if (opcode == OP_CAT ||
19283 opcode == OP_SUBSTR ||
19284 opcode == OP_LEFT ||
19285 opcode == OP_RIGHT ||
19286 opcode == OP_INVERT ||
19287 opcode == OP_AND ||
19288 opcode == OP_OR ||
19289 opcode == OP_XOR ||
19290 opcode == OP_2MUL ||
19291 opcode == OP_2DIV ||
19292 opcode == OP_MUL ||
19293 opcode == OP_DIV ||
19294 opcode == OP_MOD ||
19295 opcode == OP_LSHIFT ||
19296 opcode == OP_RSHIFT)
19297 return false;
19298
19299 if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4)
19300 stack.push_back(vchPushValue);
19301 else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF))
19302 switch (opcode)
19303 {
19304 //
19305 // Push value
19306 //
19307 case OP_1NEGATE:
19308 case OP_1:
19309 case OP_2:
19310 case OP_3:
19311 case OP_4:
19312 case OP_5:
19313 case OP_6:
19314 case OP_7:
19315 case OP_8:
19316 case OP_9:
19317 case OP_10:
19318 case OP_11:
19319 case OP_12:
19320 case OP_13:
19321 case OP_14:
19322 case OP_15:
19323 case OP_16:
19324 {
19325 // ( -- value)
19326 CBigNum bn((int)opcode - (int)(OP_1 - 1));
19327 stack.push_back(bn.getvch());
19328 }
19329 break;
19330
19331
19332 //
19333 // Control
19334 //
19335 case OP_NOP:
19336 case OP_NOP1: case OP_NOP2: case OP_NOP3: case OP_NOP4: case OP_NOP5:
19337 case OP_NOP6: case OP_NOP7: case OP_NOP8: case OP_NOP9: case OP_NOP10:
19338 break;
19339
19340 case OP_IF:
19341 case OP_NOTIF:
19342 {
19343 // <expression> if [statements] [else [statements]] endif
19344 bool fValue = false;
19345 if (fExec)
19346 {
19347 if (stack.size() < 1)
19348 return false;
19349 valtype& vch = stacktop(-1);
19350 fValue = CastToBool(vch);
19351 if (opcode == OP_NOTIF)
19352 fValue = !fValue;
19353 popstack(stack);
19354 }
19355 vfExec.push_back(fValue);
19356 }
19357 break;
19358
19359 case OP_ELSE:
19360 {
19361 if (vfExec.empty())
19362 return false;
19363 vfExec.back() = !vfExec.back();
19364 }
19365 break;
19366
19367 case OP_ENDIF:
19368 {
19369 if (vfExec.empty())
19370 return false;
19371 vfExec.pop_back();
19372 }
19373 break;
19374
19375 case OP_VERIFY:
19376 {
19377 // (true -- ) or
19378 // (false -- false) and return
19379 if (stack.size() < 1)
19380 return false;
19381 bool fValue = CastToBool(stacktop(-1));
19382 if (fValue)
19383 popstack(stack);
19384 else
19385 return false;
19386 }
19387 break;
19388
19389 case OP_RETURN:
19390 {
19391 return false;
19392 }
19393 break;
19394
19395
19396 //
19397 // Stack ops
19398 //
19399 case OP_TOALTSTACK:
19400 {
19401 if (stack.size() < 1)
19402 return false;
19403 altstack.push_back(stacktop(-1));
19404 popstack(stack);
19405 }
19406 break;
19407
19408 case OP_FROMALTSTACK:
19409 {
19410 if (altstack.size() < 1)
19411 return false;
19412 stack.push_back(altstacktop(-1));
19413 popstack(altstack);
19414 }
19415 break;
19416
19417 case OP_2DROP:
19418 {
19419 // (x1 x2 -- )
19420 if (stack.size() < 2)
19421 return false;
19422 popstack(stack);
19423 popstack(stack);
19424 }
19425 break;
19426
19427 case OP_2DUP:
19428 {
19429 // (x1 x2 -- x1 x2 x1 x2)
19430 if (stack.size() < 2)
19431 return false;
19432 valtype vch1 = stacktop(-2);
19433 valtype vch2 = stacktop(-1);
19434 stack.push_back(vch1);
19435 stack.push_back(vch2);
19436 }
19437 break;
19438
19439 case OP_3DUP:
19440 {
19441 // (x1 x2 x3 -- x1 x2 x3 x1 x2 x3)
19442 if (stack.size() < 3)
19443 return false;
19444 valtype vch1 = stacktop(-3);
19445 valtype vch2 = stacktop(-2);
19446 valtype vch3 = stacktop(-1);
19447 stack.push_back(vch1);
19448 stack.push_back(vch2);
19449 stack.push_back(vch3);
19450 }
19451 break;
19452
19453 case OP_2OVER:
19454 {
19455 // (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)
19456 if (stack.size() < 4)
19457 return false;
19458 valtype vch1 = stacktop(-4);
19459 valtype vch2 = stacktop(-3);
19460 stack.push_back(vch1);
19461 stack.push_back(vch2);
19462 }
19463 break;
19464
19465 case OP_2ROT:
19466 {
19467 // (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)
19468 if (stack.size() < 6)
19469 return false;
19470 valtype vch1 = stacktop(-6);
19471 valtype vch2 = stacktop(-5);
19472 stack.erase(stack.end()-6, stack.end()-4);
19473 stack.push_back(vch1);
19474 stack.push_back(vch2);
19475 }
19476 break;
19477
19478 case OP_2SWAP:
19479 {
19480 // (x1 x2 x3 x4 -- x3 x4 x1 x2)
19481 if (stack.size() < 4)
19482 return false;
19483 swap(stacktop(-4), stacktop(-2));
19484 swap(stacktop(-3), stacktop(-1));
19485 }
19486 break;
19487
19488 case OP_IFDUP:
19489 {
19490 // (x - 0 | x x)
19491 if (stack.size() < 1)
19492 return false;
19493 valtype vch = stacktop(-1);
19494 if (CastToBool(vch))
19495 stack.push_back(vch);
19496 }
19497 break;
19498
19499 case OP_DEPTH:
19500 {
19501 // -- stacksize
19502 CBigNum bn(stack.size());
19503 stack.push_back(bn.getvch());
19504 }
19505 break;
19506
19507 case OP_DROP:
19508 {
19509 // (x -- )
19510 if (stack.size() < 1)
19511 return false;
19512 popstack(stack);
19513 }
19514 break;
19515
19516 case OP_DUP:
19517 {
19518 // (x -- x x)
19519 if (stack.size() < 1)
19520 return false;
19521 valtype vch = stacktop(-1);
19522 stack.push_back(vch);
19523 }
19524 break;
19525
19526 case OP_NIP:
19527 {
19528 // (x1 x2 -- x2)
19529 if (stack.size() < 2)
19530 return false;
19531 stack.erase(stack.end() - 2);
19532 }
19533 break;
19534
19535 case OP_OVER:
19536 {
19537 // (x1 x2 -- x1 x2 x1)
19538 if (stack.size() < 2)
19539 return false;
19540 valtype vch = stacktop(-2);
19541 stack.push_back(vch);
19542 }
19543 break;
19544
19545 case OP_PICK:
19546 case OP_ROLL:
19547 {
19548 // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
19549 // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
19550 if (stack.size() < 2)
19551 return false;
19552 int n = CastToBigNum(stacktop(-1)).getint();
19553 popstack(stack);
19554 if (n < 0 || n >= stack.size())
19555 return false;
19556 valtype vch = stacktop(-n-1);
19557 if (opcode == OP_ROLL)
19558 stack.erase(stack.end()-n-1);
19559 stack.push_back(vch);
19560 }
19561 break;
19562
19563 case OP_ROT:
19564 {
19565 // (x1 x2 x3 -- x2 x3 x1)
19566 // x2 x1 x3 after first swap
19567 // x2 x3 x1 after second swap
19568 if (stack.size() < 3)
19569 return false;
19570 swap(stacktop(-3), stacktop(-2));
19571 swap(stacktop(-2), stacktop(-1));
19572 }
19573 break;
19574
19575 case OP_SWAP:
19576 {
19577 // (x1 x2 -- x2 x1)
19578 if (stack.size() < 2)
19579 return false;
19580 swap(stacktop(-2), stacktop(-1));
19581 }
19582 break;
19583
19584 case OP_TUCK:
19585 {
19586 // (x1 x2 -- x2 x1 x2)
19587 if (stack.size() < 2)
19588 return false;
19589 valtype vch = stacktop(-1);
19590 stack.insert(stack.end()-2, vch);
19591 }
19592 break;
19593
19594
19595 //
19596 // Splice ops
19597 //
19598 case OP_CAT:
19599 {
19600 // (x1 x2 -- out)
19601 if (stack.size() < 2)
19602 return false;
19603 valtype& vch1 = stacktop(-2);
19604 valtype& vch2 = stacktop(-1);
19605 vch1.insert(vch1.end(), vch2.begin(), vch2.end());
19606 popstack(stack);
19607 if (stacktop(-1).size() > 520)
19608 return false;
19609 }
19610 break;
19611
19612 case OP_SUBSTR:
19613 {
19614 // (in begin size -- out)
19615 if (stack.size() < 3)
19616 return false;
19617 valtype& vch = stacktop(-3);
19618 int nBegin = CastToBigNum(stacktop(-2)).getint();
19619 int nEnd = nBegin + CastToBigNum(stacktop(-1)).getint();
19620 if (nBegin < 0 || nEnd < nBegin)
19621 return false;
19622 if (nBegin > vch.size())
19623 nBegin = vch.size();
19624 if (nEnd > vch.size())
19625 nEnd = vch.size();
19626 vch.erase(vch.begin() + nEnd, vch.end());
19627 vch.erase(vch.begin(), vch.begin() + nBegin);
19628 popstack(stack);
19629 popstack(stack);
19630 }
19631 break;
19632
19633 case OP_LEFT:
19634 case OP_RIGHT:
19635 {
19636 // (in size -- out)
19637 if (stack.size() < 2)
19638 return false;
19639 valtype& vch = stacktop(-2);
19640 int nSize = CastToBigNum(stacktop(-1)).getint();
19641 if (nSize < 0)
19642 return false;
19643 if (nSize > vch.size())
19644 nSize = vch.size();
19645 if (opcode == OP_LEFT)
19646 vch.erase(vch.begin() + nSize, vch.end());
19647 else
19648 vch.erase(vch.begin(), vch.end() - nSize);
19649 popstack(stack);
19650 }
19651 break;
19652
19653 case OP_SIZE:
19654 {
19655 // (in -- in size)
19656 if (stack.size() < 1)
19657 return false;
19658 CBigNum bn(stacktop(-1).size());
19659 stack.push_back(bn.getvch());
19660 }
19661 break;
19662
19663
19664 //
19665 // Bitwise logic
19666 //
19667 case OP_INVERT:
19668 {
19669 // (in - out)
19670 if (stack.size() < 1)
19671 return false;
19672 valtype& vch = stacktop(-1);
19673 for (int i = 0; i < vch.size(); i++)
19674 vch[i] = ~vch[i];
19675 }
19676 break;
19677
19678 case OP_AND:
19679 case OP_OR:
19680 case OP_XOR:
19681 {
19682 // (x1 x2 - out)
19683 if (stack.size() < 2)
19684 return false;
19685 valtype& vch1 = stacktop(-2);
19686 valtype& vch2 = stacktop(-1);
19687 MakeSameSize(vch1, vch2);
19688 if (opcode == OP_AND)
19689 {
19690 for (int i = 0; i < vch1.size(); i++)
19691 vch1[i] &= vch2[i];
19692 }
19693 else if (opcode == OP_OR)
19694 {
19695 for (int i = 0; i < vch1.size(); i++)
19696 vch1[i] |= vch2[i];
19697 }
19698 else if (opcode == OP_XOR)
19699 {
19700 for (int i = 0; i < vch1.size(); i++)
19701 vch1[i] ^= vch2[i];
19702 }
19703 popstack(stack);
19704 }
19705 break;
19706
19707 case OP_EQUAL:
19708 case OP_EQUALVERIFY:
19709 //case OP_NOTEQUAL: // use OP_NUMNOTEQUAL
19710 {
19711 // (x1 x2 - bool)
19712 if (stack.size() < 2)
19713 return false;
19714 valtype& vch1 = stacktop(-2);
19715 valtype& vch2 = stacktop(-1);
19716 bool fEqual = (vch1 == vch2);
19717 // OP_NOTEQUAL is disabled because it would be too easy to say
19718 // something like n != 1 and have some wiseguy pass in 1 with extra
19719 // zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
19720 //if (opcode == OP_NOTEQUAL)
19721 // fEqual = !fEqual;
19722 popstack(stack);
19723 popstack(stack);
19724 stack.push_back(fEqual ? vchTrue : vchFalse);
19725 if (opcode == OP_EQUALVERIFY)
19726 {
19727 if (fEqual)
19728 popstack(stack);
19729 else
19730 return false;
19731 }
19732 }
19733 break;
19734
19735
19736 //
19737 // Numeric
19738 //
19739 case OP_1ADD:
19740 case OP_1SUB:
19741 case OP_2MUL:
19742 case OP_2DIV:
19743 case OP_NEGATE:
19744 case OP_ABS:
19745 case OP_NOT:
19746 case OP_0NOTEQUAL:
19747 {
19748 // (in -- out)
19749 if (stack.size() < 1)
19750 return false;
19751 CBigNum bn = CastToBigNum(stacktop(-1));
19752 switch (opcode)
19753 {
19754 case OP_1ADD: bn += bnOne; break;
19755 case OP_1SUB: bn -= bnOne; break;
19756 case OP_2MUL: bn <<= 1; break;
19757 case OP_2DIV: bn >>= 1; break;
19758 case OP_NEGATE: bn = -bn; break;
19759 case OP_ABS: if (bn < bnZero) bn = -bn; break;
19760 case OP_NOT: bn = (bn == bnZero); break;
19761 case OP_0NOTEQUAL: bn = (bn != bnZero); break;
19762 default: assert(!"invalid opcode"); break;
19763 }
19764 popstack(stack);
19765 stack.push_back(bn.getvch());
19766 }
19767 break;
19768
19769 case OP_ADD:
19770 case OP_SUB:
19771 case OP_MUL:
19772 case OP_DIV:
19773 case OP_MOD:
19774 case OP_LSHIFT:
19775 case OP_RSHIFT:
19776 case OP_BOOLAND:
19777 case OP_BOOLOR:
19778 case OP_NUMEQUAL:
19779 case OP_NUMEQUALVERIFY:
19780 case OP_NUMNOTEQUAL:
19781 case OP_LESSTHAN:
19782 case OP_GREATERTHAN:
19783 case OP_LESSTHANOREQUAL:
19784 case OP_GREATERTHANOREQUAL:
19785 case OP_MIN:
19786 case OP_MAX:
19787 {
19788 // (x1 x2 -- out)
19789 if (stack.size() < 2)
19790 return false;
19791 CBigNum bn1 = CastToBigNum(stacktop(-2));
19792 CBigNum bn2 = CastToBigNum(stacktop(-1));
19793 CBigNum bn;
19794 switch (opcode)
19795 {
19796 case OP_ADD:
19797 bn = bn1 + bn2;
19798 break;
19799
19800 case OP_SUB:
19801 bn = bn1 - bn2;
19802 break;
19803
19804 case OP_MUL:
19805 if (!BN_mul(&bn, &bn1, &bn2, pctx))
19806 return false;
19807 break;
19808
19809 case OP_DIV:
19810 if (!BN_div(&bn, NULL, &bn1, &bn2, pctx))
19811 return false;
19812 break;
19813
19814 case OP_MOD:
19815 if (!BN_mod(&bn, &bn1, &bn2, pctx))
19816 return false;
19817 break;
19818
19819 case OP_LSHIFT:
19820 if (bn2 < bnZero || bn2 > CBigNum(2048))
19821 return false;
19822 bn = bn1 << bn2.getulong();
19823 break;
19824
19825 case OP_RSHIFT:
19826 if (bn2 < bnZero || bn2 > CBigNum(2048))
19827 return false;
19828 bn = bn1 >> bn2.getulong();
19829 break;
19830
19831 case OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero); break;
19832 case OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero); break;
19833 case OP_NUMEQUAL: bn = (bn1 == bn2); break;
19834 case OP_NUMEQUALVERIFY: bn = (bn1 == bn2); break;
19835 case OP_NUMNOTEQUAL: bn = (bn1 != bn2); break;
19836 case OP_LESSTHAN: bn = (bn1 < bn2); break;
19837 case OP_GREATERTHAN: bn = (bn1 > bn2); break;
19838 case OP_LESSTHANOREQUAL: bn = (bn1 <= bn2); break;
19839 case OP_GREATERTHANOREQUAL: bn = (bn1 >= bn2); break;
19840 case OP_MIN: bn = (bn1 < bn2 ? bn1 : bn2); break;
19841 case OP_MAX: bn = (bn1 > bn2 ? bn1 : bn2); break;
19842 default: assert(!"invalid opcode"); break;
19843 }
19844 popstack(stack);
19845 popstack(stack);
19846 stack.push_back(bn.getvch());
19847
19848 if (opcode == OP_NUMEQUALVERIFY)
19849 {
19850 if (CastToBool(stacktop(-1)))
19851 popstack(stack);
19852 else
19853 return false;
19854 }
19855 }
19856 break;
19857
19858 case OP_WITHIN:
19859 {
19860 // (x min max -- out)
19861 if (stack.size() < 3)
19862 return false;
19863 CBigNum bn1 = CastToBigNum(stacktop(-3));
19864 CBigNum bn2 = CastToBigNum(stacktop(-2));
19865 CBigNum bn3 = CastToBigNum(stacktop(-1));
19866 bool fValue = (bn2 <= bn1 && bn1 < bn3);
19867 popstack(stack);
19868 popstack(stack);
19869 popstack(stack);
19870 stack.push_back(fValue ? vchTrue : vchFalse);
19871 }
19872 break;
19873
19874
19875 //
19876 // Crypto
19877 //
19878 case OP_RIPEMD160:
19879 case OP_SHA1:
19880 case OP_SHA256:
19881 case OP_HASH160:
19882 case OP_HASH256:
19883 {
19884 // (in -- hash)
19885 if (stack.size() < 1)
19886 return false;
19887 valtype& vch = stacktop(-1);
19888 valtype vchHash((opcode == OP_RIPEMD160 || opcode == OP_SHA1 || opcode == OP_HASH160) ? 20 : 32);
19889 if (opcode == OP_RIPEMD160)
19890 RIPEMD160(&vch[0], vch.size(), &vchHash[0]);
19891 else if (opcode == OP_SHA1)
19892 SHA1(&vch[0], vch.size(), &vchHash[0]);
19893 else if (opcode == OP_SHA256)
19894 SHA256(&vch[0], vch.size(), &vchHash[0]);
19895 else if (opcode == OP_HASH160)
19896 {
19897 uint160 hash160 = Hash160(vch);
19898 memcpy(&vchHash[0], &hash160, sizeof(hash160));
19899 }
19900 else if (opcode == OP_HASH256)
19901 {
19902 uint256 hash = Hash(vch.begin(), vch.end());
19903 memcpy(&vchHash[0], &hash, sizeof(hash));
19904 }
19905 popstack(stack);
19906 stack.push_back(vchHash);
19907 }
19908 break;
19909
19910 case OP_CODESEPARATOR:
19911 {
19912 // Hash starts after the code separator
19913 pbegincodehash = pc;
19914 }
19915 break;
19916
19917 case OP_CHECKSIG:
19918 case OP_CHECKSIGVERIFY:
19919 {
19920 // (sig pubkey -- bool)
19921 if (stack.size() < 2)
19922 return false;
19923
19924 valtype& vchSig = stacktop(-2);
19925 valtype& vchPubKey = stacktop(-1);
19926
19927 ////// debug print
19928 //PrintHex(vchSig.begin(), vchSig.end(), "sig: %s\n");
19929 //PrintHex(vchPubKey.begin(), vchPubKey.end(), "pubkey: %s\n");
19930
19931 // Subset of script starting at the most recent codeseparator
19932 CScript scriptCode(pbegincodehash, pend);
19933
19934 // Drop the signature, since there's no way for a signature to sign itself
19935 scriptCode.FindAndDelete(CScript(vchSig));
19936
19937 bool fSuccess = CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType);
19938
19939 popstack(stack);
19940 popstack(stack);
19941 stack.push_back(fSuccess ? vchTrue : vchFalse);
19942 if (opcode == OP_CHECKSIGVERIFY)
19943 {
19944 if (fSuccess)
19945 popstack(stack);
19946 else
19947 return false;
19948 }
19949 }
19950 break;
19951
19952 case OP_CHECKMULTISIG:
19953 case OP_CHECKMULTISIGVERIFY:
19954 {
19955 // ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)
19956
19957 int i = 1;
19958 if (stack.size() < i)
19959 return false;
19960
19961 int nKeysCount = CastToBigNum(stacktop(-i)).getint();
19962 if (nKeysCount < 0 || nKeysCount > 20)
19963 return false;
19964 nOpCount += nKeysCount;
19965 if (nOpCount > 201)
19966 return false;
19967 int ikey = ++i;
19968 i += nKeysCount;
19969 if (stack.size() < i)
19970 return false;
19971
19972 int nSigsCount = CastToBigNum(stacktop(-i)).getint();
19973 if (nSigsCount < 0 || nSigsCount > nKeysCount)
19974 return false;
19975 int isig = ++i;
19976 i += nSigsCount;
19977 if (stack.size() < i)
19978 return false;
19979
19980 // Subset of script starting at the most recent codeseparator
19981 CScript scriptCode(pbegincodehash, pend);
19982
19983 // Drop the signatures, since there's no way for a signature to sign itself
19984 for (int k = 0; k < nSigsCount; k++)
19985 {
19986 valtype& vchSig = stacktop(-isig-k);
19987 scriptCode.FindAndDelete(CScript(vchSig));
19988 }
19989
19990 bool fSuccess = true;
19991 while (fSuccess && nSigsCount > 0)
19992 {
19993 valtype& vchSig = stacktop(-isig);
19994 valtype& vchPubKey = stacktop(-ikey);
19995
19996 // Check signature
19997 if (CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType))
19998 {
19999 isig++;
20000 nSigsCount--;
20001 }
20002 ikey++;
20003 nKeysCount--;
20004
20005 // If there are more signatures left than keys left,
20006 // then too many signatures have failed
20007 if (nSigsCount > nKeysCount)
20008 fSuccess = false;
20009 }
20010
20011 while (i-- > 0)
20012 popstack(stack);
20013 stack.push_back(fSuccess ? vchTrue : vchFalse);
20014
20015 if (opcode == OP_CHECKMULTISIGVERIFY)
20016 {
20017 if (fSuccess)
20018 popstack(stack);
20019 else
20020 return false;
20021 }
20022 }
20023 break;
20024
20025 default:
20026 return false;
20027 }
20028
20029 // Size limits
20030 if (stack.size() + altstack.size() > 1000)
20031 return false;
20032 }
20033 }
20034 catch (...)
20035 {
20036 return false;
20037 }
20038
20039
20040 if (!vfExec.empty())
20041 return false;
20042
20043 return true;
20044 }
20045
20046
20047
20048
20049
20050
20051
20052
20053
20054 uint256 SignatureHash(CScript scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType)
20055 {
20056 if (nIn >= txTo.vin.size())
20057 {
20058 printf("ERROR: SignatureHash() : nIn=%d out of range\n", nIn);
20059 return 1;
20060 }
20061 CTransaction txTmp(txTo);
20062
20063 // In case concatenating two scripts ends up with two codeseparators,
20064 // or an extra one at the end, this prevents all those possible incompatibilities.
20065 scriptCode.FindAndDelete(CScript(OP_CODESEPARATOR));
20066
20067 // Blank out other inputs' signatures
20068 for (int i = 0; i < txTmp.vin.size(); i++)
20069 txTmp.vin[i].scriptSig = CScript();
20070 txTmp.vin[nIn].scriptSig = scriptCode;
20071
20072 // Blank out some of the outputs
20073 if ((nHashType & 0x1f) == SIGHASH_NONE)
20074 {
20075 // Wildcard payee
20076 txTmp.vout.clear();
20077
20078 // Let the others update at will
20079 for (int i = 0; i < txTmp.vin.size(); i++)
20080 if (i != nIn)
20081 txTmp.vin[i].nSequence = 0;
20082 }
20083 else if ((nHashType & 0x1f) == SIGHASH_SINGLE)
20084 {
20085 // Only lockin the txout payee at same index as txin
20086 unsigned int nOut = nIn;
20087 if (nOut >= txTmp.vout.size())
20088 {
20089 printf("ERROR: SignatureHash() : nOut=%d out of range\n", nOut);
20090 return 1;
20091 }
20092 txTmp.vout.resize(nOut+1);
20093 for (int i = 0; i < nOut; i++)
20094 txTmp.vout[i].SetNull();
20095
20096 // Let the others update at will
20097 for (int i = 0; i < txTmp.vin.size(); i++)
20098 if (i != nIn)
20099 txTmp.vin[i].nSequence = 0;
20100 }
20101
20102 // Blank out other inputs completely, not recommended for open transactions
20103 if (nHashType & SIGHASH_ANYONECANPAY)
20104 {
20105 txTmp.vin[0] = txTmp.vin[nIn];
20106 txTmp.vin.resize(1);
20107 }
20108
20109 // Serialize and hash
20110 CDataStream ss(SER_GETHASH);
20111 ss.reserve(10000);
20112 ss << txTmp << nHashType;
20113 return Hash(ss.begin(), ss.end());
20114 }
20115
20116
20117 bool CheckSig(vector<unsigned char> vchSig, vector<unsigned char> vchPubKey, CScript scriptCode,
20118 const CTransaction& txTo, unsigned int nIn, int nHashType)
20119 {
20120 CKey key;
20121 if (!key.SetPubKey(vchPubKey))
20122 return false;
20123
20124 // Hash type is one byte tacked on to the end of the signature
20125 if (vchSig.empty())
20126 return false;
20127 if (nHashType == 0)
20128 nHashType = vchSig.back();
20129 else if (nHashType != vchSig.back())
20130 return false;
20131 vchSig.pop_back();
20132
20133 return key.Verify(SignatureHash(scriptCode, txTo, nIn, nHashType), vchSig);
20134 }
20135
20136
20137
20138
20139
20140
20141
20142
20143
20144
20145 bool Solver(const CScript& scriptPubKey, vector<pair<opcodetype, valtype> >& vSolutionRet)
20146 {
20147 // Templates
20148 static vector<CScript> vTemplates;
20149 if (vTemplates.empty())
20150 {
20151 // Standard tx, sender provides pubkey, receiver adds signature
20152 vTemplates.push_back(CScript() << OP_PUBKEY << OP_CHECKSIG);
20153
20154 // Bitcoin address tx, sender provides hash of pubkey, receiver provides signature and pubkey
20155 vTemplates.push_back(CScript() << OP_DUP << OP_HASH160 << OP_PUBKEYHASH << OP_EQUALVERIFY << OP_CHECKSIG);
20156 }
20157
20158 // Scan templates
20159 const CScript& script1 = scriptPubKey;
20160 BOOST_FOREACH(const CScript& script2, vTemplates)
20161 {
20162 vSolutionRet.clear();
20163 opcodetype opcode1, opcode2;
20164 vector<unsigned char> vch1, vch2;
20165
20166 // Compare
20167 CScript::const_iterator pc1 = script1.begin();
20168 CScript::const_iterator pc2 = script2.begin();
20169 loop
20170 {
20171 if (pc1 == script1.end() && pc2 == script2.end())
20172 {
20173 // Found a match
20174 reverse(vSolutionRet.begin(), vSolutionRet.end());
20175 return true;
20176 }
20177 if (!script1.GetOp(pc1, opcode1, vch1))
20178 break;
20179 if (!script2.GetOp(pc2, opcode2, vch2))
20180 break;
20181 if (opcode2 == OP_PUBKEY)
20182 {
20183 if (vch1.size() < 33 || vch1.size() > 120)
20184 break;
20185 vSolutionRet.push_back(make_pair(opcode2, vch1));
20186 }
20187 else if (opcode2 == OP_PUBKEYHASH)
20188 {
20189 if (vch1.size() != sizeof(uint160))
20190 break;
20191 vSolutionRet.push_back(make_pair(opcode2, vch1));
20192 }
20193 else if (opcode1 != opcode2 || vch1 != vch2)
20194 {
20195 break;
20196 }
20197 }
20198 }
20199
20200 vSolutionRet.clear();
20201 return false;
20202 }
20203
20204
20205 bool Solver(const CKeyStore& keystore, const CScript& scriptPubKey, uint256 hash, int nHashType, CScript& scriptSigRet)
20206 {
20207 scriptSigRet.clear();
20208
20209 vector<pair<opcodetype, valtype> > vSolution;
20210 if (!Solver(scriptPubKey, vSolution))
20211 return false;
20212
20213 // Compile solution
20214 BOOST_FOREACH(PAIRTYPE(opcodetype, valtype)& item, vSolution)
20215 {
20216 if (item.first == OP_PUBKEY)
20217 {
20218 // Sign
20219 const valtype& vchPubKey = item.second;
20220 CKey key;
20221 if (!keystore.GetKey(Hash160(vchPubKey), key))
20222 return false;
20223 if (key.GetPubKey() != vchPubKey)
20224 return false;
20225 if (hash != 0)
20226 {
20227 vector<unsigned char> vchSig;
20228 if (!key.Sign(hash, vchSig))
20229 return false;
20230 vchSig.push_back((unsigned char)nHashType);
20231 scriptSigRet << vchSig;
20232 }
20233 }
20234 else if (item.first == OP_PUBKEYHASH)
20235 {
20236 // Sign and give pubkey
20237 CKey key;
20238 if (!keystore.GetKey(uint160(item.second), key))
20239 return false;
20240 if (hash != 0)
20241 {
20242 vector<unsigned char> vchSig;
20243 if (!key.Sign(hash, vchSig))
20244 return false;
20245 vchSig.push_back((unsigned char)nHashType);
20246 scriptSigRet << vchSig << key.GetPubKey();
20247 }
20248 }
20249 else
20250 {
20251 return false;
20252 }
20253 }
20254
20255 return true;
20256 }
20257
20258
20259 bool IsStandard(const CScript& scriptPubKey)
20260 {
20261 vector<pair<opcodetype, valtype> > vSolution;
20262 return Solver(scriptPubKey, vSolution);
20263 }
20264
20265
20266 bool IsMine(const CKeyStore &keystore, const CScript& scriptPubKey)
20267 {
20268 vector<pair<opcodetype, valtype> > vSolution;
20269 if (!Solver(scriptPubKey, vSolution))
20270 return false;
20271
20272 // Compile solution
20273 BOOST_FOREACH(PAIRTYPE(opcodetype, valtype)& item, vSolution)
20274 {
20275 if (item.first == OP_PUBKEY)
20276 {
20277 const valtype& vchPubKey = item.second;
20278 vector<unsigned char> vchPubKeyFound;
20279 if (!keystore.GetPubKey(Hash160(vchPubKey), vchPubKeyFound))
20280 return false;
20281 if (vchPubKeyFound != vchPubKey)
20282 return false;
20283 }
20284 else if (item.first == OP_PUBKEYHASH)
20285 {
20286 if (!keystore.HaveKey(uint160(item.second)))
20287 return false;
20288 }
20289 else
20290 {
20291 return false;
20292 }
20293 }
20294
20295 return true;
20296 }
20297
20298 bool static ExtractAddressInner(const CScript& scriptPubKey, const CKeyStore* keystore, CBitcoinAddress& addressRet)
20299 {
20300 vector<pair<opcodetype, valtype> > vSolution;
20301 if (!Solver(scriptPubKey, vSolution))
20302 return false;
20303
20304 BOOST_FOREACH(PAIRTYPE(opcodetype, valtype)& item, vSolution)
20305 {
20306 if (item.first == OP_PUBKEY)
20307 addressRet.SetPubKey(item.second);
20308 else if (item.first == OP_PUBKEYHASH)
20309 addressRet.SetHash160((uint160)item.second);
20310 if (keystore == NULL || keystore->HaveKey(addressRet))
20311 return true;
20312 }
20313
20314 return false;
20315 }
20316
20317
20318 bool ExtractAddress(const CScript& scriptPubKey, const CKeyStore* keystore, CBitcoinAddress& addressRet)
20319 {
20320 if (keystore)
20321 return ExtractAddressInner(scriptPubKey, keystore, addressRet);
20322 else
20323 return ExtractAddressInner(scriptPubKey, NULL, addressRet);
20324 return false;
20325 }
20326
20327
20328 bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const CTransaction& txTo, unsigned int nIn, int nHashType)
20329 {
20330 vector<vector<unsigned char> > stack;
20331 if (!EvalScript(stack, scriptSig, txTo, nIn, nHashType))
20332 return false;
20333 if (!EvalScript(stack, scriptPubKey, txTo, nIn, nHashType))
20334 return false;
20335 if (stack.empty())
20336 return false;
20337 return CastToBool(stack.back());
20338 }
20339
20340
20341 bool SignSignature(const CKeyStore &keystore, const CTransaction& txFrom, CTransaction& txTo, unsigned int nIn, int nHashType, CScript scriptPrereq)
20342 {
20343 assert(nIn < txTo.vin.size());
20344 CTxIn& txin = txTo.vin[nIn];
20345 assert(txin.prevout.n < txFrom.vout.size());
20346 const CTxOut& txout = txFrom.vout[txin.prevout.n];
20347
20348 // Leave out the signature from the hash, since a signature can't sign itself.
20349 // The checksig op will also drop the signatures from its hash.
20350 uint256 hash = SignatureHash(scriptPrereq + txout.scriptPubKey, txTo, nIn, nHashType);
20351
20352 if (!Solver(keystore, txout.scriptPubKey, hash, nHashType, txin.scriptSig))
20353 return false;
20354
20355 txin.scriptSig = scriptPrereq + txin.scriptSig;
20356
20357 // Test solution
20358 if (scriptPrereq.empty())
20359 if (!VerifyScript(txin.scriptSig, txout.scriptPubKey, txTo, nIn, 0))
20360 return false;
20361
20362 return true;
20363 }
20364
20365
20366 bool VerifySignature(const CTransaction& txFrom, const CTransaction& txTo, unsigned int nIn, int nHashType)
20367 {
20368 assert(nIn < txTo.vin.size());
20369 const CTxIn& txin = txTo.vin[nIn];
20370 if (txin.prevout.n >= txFrom.vout.size())
20371 return false;
20372 const CTxOut& txout = txFrom.vout[txin.prevout.n];
20373
20374 if (txin.prevout.hash != txFrom.GetHash())
20375 return false;
20376
20377 if (!VerifyScript(txin.scriptSig, txout.scriptPubKey, txTo, nIn, nHashType))
20378 return false;
20379
20380 return true;
20381 }